Back to Home

Privacy Policy

Effective date: April 5, 2026

Introduction

IK Lab ("we," "us," or "our") operates the website iklab.dev and develops software products including CasePilot and BugPilot, which are extensions for Azure DevOps. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and products (collectively, the "Services").

We are committed to protecting your privacy and handling your data responsibly. We collect only the minimum data necessary to provide and improve our Services, and we never sell your personal information to third parties.

What Data We Collect

We collect the following categories of information:

  • Account Information: When you sign up or subscribe to a paid plan, we collect your email address and, where applicable, your Azure DevOps organization identifier to provision access to our extensions.
  • Work Item Content: When you use CasePilot or BugPilot, the text of user stories or bug reports you submit is sent to our API for AI processing. This content is processed in real time to generate test cases or enhance bug reports and is not stored permanently on our servers after processing is complete.
  • Billing Information: Payment details (such as credit card numbers) are collected and processed directly by our payment processor, Stripe. We do not store your full payment card details on our systems. We receive only a limited set of information from Stripe, such as the last four digits of your card, card type, and billing address, for record-keeping purposes.
  • Usage and Analytics Data: We use Cloudflare Web Analytics, a privacy-friendly, cookieless analytics service, to understand how visitors interact with our website. This data is aggregated and does not identify individual users. No personal data is sent to third-party advertising networks.
  • Technical Data: Our servers automatically log limited technical information such as IP addresses (anonymized), browser type, and request timestamps for security and operational purposes.

How We Use Your Data

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our Services, including processing work item content through our AI models via the CasePilot and BugPilot extensions.
  • To process payments and manage subscriptions through Stripe.
  • To communicate with you about your account, respond to support requests, and send essential service-related notices.
  • To monitor and analyze website usage trends in aggregate using Cloudflare Web Analytics to improve user experience.
  • To detect, prevent, and address technical issues, fraud, or security incidents.
  • To comply with legal obligations and enforce our Terms of Service.

Third-Party Services

We integrate with the following third-party services to deliver our products:

  • Stripe: For payment processing. Stripe handles all payment card data in accordance with PCI-DSS standards. See Stripe's Privacy Policy.
  • Cloudflare: For website hosting, security, and privacy-friendly web analytics. Cloudflare Web Analytics does not use cookies or track individual users. See Cloudflare's Privacy Policy.
  • Microsoft Azure DevOps: Our extensions operate within the Azure DevOps platform. Your use of Azure DevOps is governed by Microsoft's own privacy terms.

We do not sell, rent, or share your personal data with third parties for their marketing purposes. Data is only shared with the service providers listed above to the extent necessary to operate our Services.

Cookies and Tracking Technologies

Our website uses Cloudflare Web Analytics, which is a cookieless, privacy-first analytics solution that is compliant with GDPR, CCPA, and PECR. It does not use any client-side state (such as cookies or localStorage) to collect data, and it does not fingerprint users.

We do not use advertising cookies, social media tracking pixels, or any other third-party tracking technologies on our website.

Essential cookies may be used solely for functional purposes such as session management if you access account-related features. These cookies are strictly necessary and do not require consent under applicable privacy regulations.

Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

  • Work item content (user stories, bug reports) submitted to CasePilot or BugPilot is processed in real time and is not stored on our servers after the AI-generated results have been returned.
  • Account and billing records are retained for the duration of your subscription and for a reasonable period thereafter to comply with legal, tax, and accounting obligations.
  • Server logs containing anonymized technical data are retained for up to 90 days for security and debugging purposes, then automatically deleted.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, commonly used, machine-readable format.
  • Objection: Object to certain processing of your personal data.
  • Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), secure server infrastructure, and access controls limiting data access to authorized personnel only.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal information, please contact us at [email protected], and we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Effective date" at the top of this page and, where appropriate, notify you via email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

IK Lab
Email: [email protected]
Website: iklab.dev